EC-Council Certified Chief Information Security Officer (C|CISO)

Domain 1 – Governance

• Define, Implement, Manage, and Maintain an Information Security Governance Program
• Information Security Drivers
• Establishing an information security management structure
• Laws/Regulations/Standards as drivers of Organizational Policy/Standards/Procedures
• Managing an enterprise information security compliance program
• Risk Management
• Risk mitigation, risk treatment, and acceptable risk
• Risk management frameworks
• NIST
• Other Frameworks and Guidance (ISO 31000, TARA, OCTAVE, FAIR, COBIT, and ITIL)
• Risk management plan implementation
• Ongoing third-party risk management
• Risk management policies and processes
• Conclusion

Domain 2 - Security Risk Management, Controls, & Audit Management

• Information Security Controls
• Compliance Management
• Guidelines, Good and Best Practices
• Audit Management
• Summary

Domain 3 - Security Program Management and Operations

• Program Management
• Operations Management

Domain 4 - Information Security Core Concepts

• Access Control
• Physical Security
• Network Security
• Endpoint Protection
• Application Security
• Encryption Technologies
• Virtualization Security
• Cloud Computing Security
• Transformative Technologies

Domain 5 - Strategic Planning, Finance, Procurement and Vendor Management

• Strategic Planning
• Designing, Developing, and Maintaining an Enterprise Information Security Program
• Understanding the Enterprise Architecture (EA)
• Finance
• Procurement
• Vendor Management
• Summary